Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4FF31853.9020601@openstack.org>
Date: Tue, 03 Jul 2012 18:05:39 +0200
From: Thierry Carrez <thierry@...nstack.org>
To: "openstack@...ts.launchpad.net" <openstack@...ts.launchpad.net>, 
 oss-security@...ts.openwall.com
Subject: [OSSA 2012-008] Arbitrary file injection/corruption through directory
 traversal issues (CVE-2012-3360, CVE-2012-3361)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenStack Security Advisory: 2012-008
CVE: 2012-3360, 2012-3361
Date: July 3, 2012
Title: Arbitrary file injection/corruption through directory traversal
issues
Impact: Critical
Reporter: Matthias Weckbecker (SUSE Security team), Pádraig Brady (Red
Hat)
Products: Nova
Affects: All versions

Description:
Matthias Weckbecker from SUSE Security team reported a vulnerability
in Nova compute nodes handling of file injection in disk images. By
requesting files to be injected in malicious paths, a remote
authenticated user could inject files in arbitrary locations on the
host file system, potentially resulting in full compromise of the
compute node. Only Essex and later setups running the OpenStack API
over libvirt-based hypervisors are affected.

Upon further inspection of the code, Pádraig Brady from Red Hat found
an additional vulnerability. By crafting a malicious image and
requesting an instance based on it, a remote authenticated user may
corrupt arbitrary files on the host filesystem, potentially resulting
in a denial of service. This affects all setups.

Fixes:
Folsom:
https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
Essex:
https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
Diablo: see patch at https://review.openstack.org/9268

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3361
https://bugs.launchpad.net/nova/+bug/1015531

Notes:
This fix will be included in the folsom-2 development milestone
(published this week) and in future Essex and Diablo releases.

- -- 
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJP8xhQAAoJEFB6+JAlsQQjxrwP/0riLbaI8tCRfKeR6I2ATXIU
1QTOjn6TzQOhUNKwP63OzeUmu1xg7gI/XscWYLgxPYetsysao7YUgsy7PcVSznQh
Ii7LM7WnrxpanP3SOOM4qJQ4d3MZvP8qP0R9hQ1XAtdE9T4yB3aDvzf+XVXFFLad
nnF9meI5xPe+Ws70BH0rTo2XNcTTukpnNxOwYC4Sayx0cHvMCjLMr6RWOoPCftDd
WFDOeJNuSEh1NcDwt6qgPCQMLBS/+WavnQFf6EuBdjkASAtONDYblkxyYPRSsf8y
xYDVjrYUcJ5YeDwI2vbqKCP9EMuwb0JSfep767OIbupgIMm7rTjW+vEsns4e2d1m
2WovMHlV9ar7zpTIeqjAYE/BzUlRaOa7+JRJwy8F2awbu5oQUeOLq8XeAyo5Ag8C
zjYMut/OuHEdqMQY+eLqtPVcaNg801wXEfgdn8zuE41qXkk6yyAFJJUPlkBeMqiE
8cHEeJJwBDP5deHJIESzraeOUTFBXXoABhxdehAa708y4BWGt0/EG5SeHg38HoZs
gODHzZ5D+rgRYZsMV3JanAoB27QH4LQfPc1WLCM20wJSppZXq4KjngNA9trV68Na
+LKR+/EAZvOmpJMsymhuTgc9uRNRTlhC85NGquBzK2TZtlfJzI/qADV7fQPnWVQZ
JJcGXBOJw/J7rCmBIDuQ
=/7QJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.